What is claimed is: 



CLAIMS 



1. A method for control of key pair usage in a computer system, the method comprising:

(a) creating key pair material for utilization with an embedded security chip of the computer system, the key pair material including tag data; and

(b) determining whether the key pair material is bound to the embedded security chip based on the tag data.

2. The method of claim 1 wherein the tag data further comprises a bit to indicate whether binding is required for the key pair material.

3. The method of claim 1 wherein creating key pair material further comprises creating key pair material of different levels.


4. The method of claim 3 wherein the different levels further comprise four levels.

5. The method of claim 4 wherein the four levels further comprise a hardware key pair level, a platform key pair level, a user key pair level, and a credential key pair level.

6. The method of claim 5 wherein including tag data further comprises including a tag for indicating binding is required for the platform key pair level.

7. A computer system with control over key pair usage, the computer system comprising:

a main processor for controlling the computer system; and

a security processor coupled to the main processor for embedded security in the computer system, the security processor for storing tag data with key pair material and determining binding of the key pair material to the security processor based on the tag data.

8. The system of claim 7 further comprising means for security setup to provide an interface on the computer system for administration of the security processor, including providing the tag data.

9. The system of claim 8 wherein the tag data comprises a bit to indicate whether binding is required for the key pair material.

10. The system of claim 7 wherein the security processor includes memory for storing the key pair material.

11. The system of claim 7 wherein the security processor manages the key pair material in a hierarchical structure.

12. The system of claim 11 wherein the hierarchical structure further comprises a four level structure.

13. The system of claim 12 wherein the four level structure further comprises a hardware key pair level, a platform key pair level, a user key pair level, and a credential key pair level.

14. The system of claim 13 wherein the key pair material further comprises a tag to indicate binding is required for the platform key pair level.

15. The system of claim 14 wherein the key pair material further comprises a tag to indicate binding is not required for the user key pair level.

16. A method for controlling usage of key pairs in a hierarchical structure of key pairs in an embedded security chip, the method comprising:

storing tag data with key pair data for each level of the hierarchical structure; and

determining whether the key pair data is bound to the embedded security chip based on the tag data.

17. The method of claim 16 wherein storing tag data further comprises storing a set tag bit to indicate that binding is required and storing a reset tag bit to indicate that no binding is required.

18. The method of claim 17 further comprising utilizing the reset tag bit with a user key pair level in the hierarchical structure to allow user key pairs to be verified securely on more than one computer system.

19. The method of claim 18 further comprising utilizing the set tag bit with a platform key pair level in the hierarchical structure to allow a platform key pair to be verified only on a computer system where binding with the embedded security chip is established.
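
An added illustration of claims 16 to 19, not part of the patent text: a software model of a security chip that stores a tag bit with each key blob and uses it to decide whether the blob must be bound to this chip. The binding mechanism (an HMAC under a chip-unique secret), the refusal of platform keys whose tag bit has been cleared, and all class and function names are assumptions; the claims do not say how binding is established.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):          # the four levels named in claims 5 and 13
    HARDWARE = 0
    PLATFORM = 1
    USER = 2
    CREDENTIAL = 3

@dataclass(frozen=True)
class KeyBlob:
    level: Level
    public_key: bytes          # stand-in for real key pair material
    bind_required: bool        # the tag bit: set = binding required
    binding: bytes = b""       # chip-specific MAC; empty when the tag bit is reset

class SecurityChip:
    """Toy model of the embedded security chip (assumed design)."""

    def __init__(self) -> None:
        self._secret = os.urandom(32)   # chip-unique secret, never exported

    def _mac(self, blob_level: Level, public_key: bytes) -> bytes:
        msg = bytes([blob_level]) + public_key
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def create(self, level, public_key, bind_required) -> KeyBlob:
        binding = self._mac(level, public_key) if bind_required else b""
        return KeyBlob(level, public_key, bind_required, binding)

    def may_use(self, blob: KeyBlob) -> bool:
        # Assumed hardening: a platform key whose tag bit was cleared is refused,
        # so stripping the tag cannot turn a bound key into a roaming one.
        if blob.level == Level.PLATFORM and not blob.bind_required:
            return False
        if not blob.bind_required:
            return True                 # reset tag bit: usable on any system
        expected = self._mac(blob.level, blob.public_key)
        return hmac.compare_digest(blob.binding, expected)

if __name__ == "__main__":
    a, b = SecurityChip(), SecurityChip()
    platform = a.create(Level.PLATFORM, b"constructed-platform-key", True)
    user = a.create(Level.USER, b"constructed-user-key", False)
    print(a.may_use(platform), b.may_use(platform), b.may_use(user))
```
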